Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Looking for a particular kind of distro

I want to virtualize win7 and have the Linux on it do the security stuff and protect the win7 client from intrusion while connected to the net.  Is there such a beast?

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

That's not how any of this works, if you virtualize windows 7 your virtual machine will have any and all vulnerabilities that come with it. The host system has no way to prevent it. The only advantage in terms of security is that if your VM is infected the rest of your system should still be OK and you should be able to restore the VM from a snapshot; that doesn't really depend on what host distro you use.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

What is scaling and how does it work? Asus PB287Q unboxing! Console alternatives :D Watch Netflix with Kodi on Arch Linux Sharing folders over the internet using SSH Beginner's Guide To LTT (by iamdarkyoshi)

Sauron'stm Product Scores:

Spoiler

Just a list of my personal scores for some products, in no particular order, with brief comments. I just got the idea to do them so they aren't many for now :)

Don't take these as complete reviews or final truths - they are just my personal impressions on products I may or may not have used, summed up in a couple of sentences and a rough score. All scores take into account the unit's price and time of release, heavily so, therefore don't expect absolute performance to be reflected here.

 

-Lenovo Thinkpad X220 - [8/10]

Spoiler

A durable and reliable machine that is relatively lightweight, has all the hardware it needs to never feel sluggish and has a great IPS matte screen. Downsides are mostly due to its age, most notably the screen resolution of 1366x768 and usb 2.0 ports.

 

-Apple Macbook (2015) - [Garbage -/10]

Spoiler

From my perspective, this product has no redeeming factors given its price and the competition. It is underpowered, overpriced, impractical due to its single port and is made redundant even by Apple's own iPad pro line.

 

-OnePlus X - [7/10]

Spoiler

A good phone for the price. It does everything I (and most people) need without being sluggish and has no particularly bad flaws. The lack of recent software updates and relatively barebones feature kit (most notably the lack of 5GHz wifi, biometric sensors and backlight for the capacitive buttons) prevent it from being exceptional.

 

-Microsoft Surface Book 2 - [Garbage - -/10]

Spoiler

Overpriced and rushed, offers nothing notable compared to the competition, doesn't come with an adequate charger despite the premium price. Worse than the Macbook for not even offering the small plus sides of having macOS. Buy a Razer Blade if you want high performance in a (relatively) light package.

 

-Intel Core i7 2600/k - [9/10]

Spoiler

Quite possibly Intel's best product launch ever. It had all the bleeding edge features of the time, it came with a very significant performance improvement over its predecessor and it had a soldered heatspreader, allowing for efficient cooling and great overclocking. Even the "locked" version could be overclocked through the multiplier within (quite reasonable) limits.

 

-Apple iPad Pro - [5/10]

Spoiler

A pretty good product, sunk by its price (plus the extra cost of the physical keyboard and the pencil). Buy it if you don't mind the Apple tax and are looking for a very light office machine with an excellent digitizer. Particularly good for rich students. Bad for cheap tinkerers like myself.

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

3 hours ago, Sauron said:

That's not how any of this works, if you virtualize windows 7 your virtual machine will have any and all vulnerabilities that come with it. The host system has no way to prevent it. The only advantage in terms of security is that if your VM is infected the rest of your system should still be OK and you should be able to restore the VM from a snapshot; that doesn't really depend on what host distro you use.

Drat.  Thanks though.

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

lol no

Sudo make me a sandwich 

Link to comment
Share on other sites

Link to post
Share on other sites

On 5/29/2022 at 1:10 AM, Bombastinator said:

I want to virtualize win7 and have the Linux on it do the security stuff and protect the win7 client from intrusion while connected to the net.  Is there such a beast?

Only cyber insecurity is certain. You do not connect the VM Windows 7 to the Internet.

Link to comment
Share on other sites

Link to post
Share on other sites

Posted (edited)
1 hour ago, FUIT1985 said:

Only cyber insecurity is certain. You do not connect the VM Windows 7 to the Internet.

Yeah, it has to have something else in place upstream of it to do security and stuff because win7 can’t handle that anymore.  Win7 is a whole pile less obnoxious about datamining though. Maybe some hardened virtual server in a DMZ or something that does firewall and statefull inspection stuff and serves cleaned packets to the win7 (though apparently there’s a version of win10 that is also apparently an option). One person said that isn’t how it works though.

Edited by Bombastinator

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, Bombastinator said:

Yeah, it has to have something else in place upstream of it to do security and stuff because win7 can’t handle that anymore.  Win7 is a whole pile less obnoxious about datamining though. Maybe some hardened virtual server in a DMZ or something that does firewall and statefull inspection stuff and serves cleaned packets to the win7 (though apparently there’s a version of win10 that is also apparently an option). One person said that isn’t how it works though.

I read that in the 1990s a White House radius server was hacked through a zero-day attack (with phf exploit). So I don't know if a DMZ with two firewalls or 2 dns (in split horizon mode) or a PDC (or a Radius) can help you. I don't believe in cybersecurity in general. I would simply exclude the virtual machine from the internet.

Link to comment
Share on other sites

Link to post
Share on other sites

If one can’t use the internet without being hacked at will the entire internet is useless though.  No one should be on it.  Ever.  The whole purpose for this was to find a way to play video games without being datamined.  A lot of games won’t work without an internet connection though and a lot of games run only win7 or win10. If the machine can’t connect there’s no point in doing it in the first place.

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

Posted (edited)

https://www.microsoft.com/en-US/windows/windows-7-end-of-life-support-information
 

The problem is that Windows 7 will no longer be updated. So if the games are compatible, you can use Windows 10 or 11.

 

Quote

<<In 2022 there have been 7 vulnerabilities in Oracle VM VirtualBox with an average score of 5.6 out of ten. Last year VM VirtualBox had 46 security vulnerabilities published. Right now, VM VirtualBox is on track to have less security vulnerabilities in 2022 than it did last year. Last year, the average CVE base score was greater by 0.72>> https://stack.watch/product/oracle/vm-virtualbox/

 

Edited by FUIT1985
virtualbox vulnerability list
Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, FUIT1985 said:

https://www.microsoft.com/en-US/windows/windows-7-end-of-life-support-information
 

The problem is that Windows 7 will no longer be updated. So if the games are compatible, you can use Windows 10 or 11.

 

 

Yes.  This is known.  It is the WHY of this thing. The whole idea is to NOT use 10 or 11 at all because they have what is effectively malware baked into them. It’s like Facebook got all those problems and Microsoft said “hey! We want to have those problems too!”  They didn’t used to.  There is apparently a version of 10 made by people other than Microsoft which is basically win10 with the malware ripped out.  It apparently ONLY runs in VM though I may be wrong about that.  It’s my next choice if I can’t find a solution this way.

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

11 minutes ago, Bombastinator said:

Yes.  This is known.  It is the WHY of this thing. The whole idea is to NOT use 10 or 11 at all because they have what is effectively malware baked into them. It’s like Facebook got all those problems and Microsoft said “hey! We want to have those problems too!”  They didn’t used to.  There is apparently a version of 10 made by people other than Microsoft which is basically win10 with the malware ripped out.  It apparently ONLY runs in VM though I may be wrong about that.  It’s my next choice if I can’t find a solution this way.


 

Link to comment
Share on other sites

Link to post
Share on other sites

Posted (edited)
5 hours ago, FUIT1985 said:


 

I am not sure why you mention this to me.  If it is an explanation of the point you are making I do not know what that point is.  I don’t keep anything important or useful on my games machine it makes me arguably immune to such things as ransomware as if I got some I would simply wipe my drives.  I am not of interest to any governments. Or even criminals.  I am a poor man.  I don’t have the kind of money that would make me interesting.   I merely don’t like being exploited. I get that windows is a fundamentally fragile system security wise. The only abuse I can really be subjected to is that of people sniffing through my data to figure out how to run social engineering attacks on me which is more or less what marketing data is. This is exactly the kind of thing Facebook and google, and now Microsoft do.  Microsoft has made OSes, specifically 7, that did not have this problem. 

Edited by Bombastinator

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

3 hours ago, Bombastinator said:

I am not sure why you mention this to me.  If it is an explanation of the point you are making I do not know what that point is.  I don’t keep anything important or useful on my games machine it makes me arguably immune to such things as ransomware as if I got some I would simply wipe my drives.  I am not of interest to any governments. Or even criminals.  I am a poor man.  I don’t have the kind of money that would make me interesting.   I merely don’t like being exploited. I get that windows is a fundamentally fragile system security wise. The only abuse I can really be subjected to is that of people sniffing through my data to figure out how to run social engineering attacks on me which is more or less what marketing data is. This is exactly the kind of thing Facebook and google, and now Microsoft do.  Microsoft has made OSes, specifically 7, that did not have this problem. 

Exploits (especially zero day attacks) can be implemented by anyone. On YouTube you can find several tutorials made by kids.

 

3 hours ago, Bombastinator said:

Microsoft has made OSes, specifically 7, that did not have this problem. 

Really? I do not think so ... 😀

Quote

An Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch
The company continues to downplay the severity of the Follina vulnerability, which remains present in all supported versions of Windows. https://www.wired.com/story/microsoft-follina-vulnerability-windows-office-365/

 

Have a nice day.

Link to comment
Share on other sites

Link to post
Share on other sites

You think win7 has spyware baked into it?  Interesting. Its not completely without “call home” but the level of problem is just much smaller. Of so I have been given to understand.  Perhaps it is not true.  If that is the case the best available possibility is that VM only version of win10. 
 

No one and nothing can prevent zero day attacks except maybe air gap. (So live in a hole)  Or possibly security through obscurity, which is not something I would call reliable. So dealing with the internet at all means that level of risk.  It’s the same level for pretty much everything though and as such can be discounted as it’s not something that can functionally be avoided.  It’s a different kind of problem anyway.   Is it one to worry about? Sure

 

Air gap is simply not a viable option though.  You seem to be arguing against fighting the stuff at all as you seem to feel it is hopeless. Perhaps I merely choose to rage against the dying of the light.

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, Bombastinator said:

You think win7 has spyware baked into it?  Interesting. Its not completely without “call home” but the level of problem is just much smaller. Of so I have been given to understand.  Perhaps it is not true.  If that is the case the best available possibility is that VM only version of win10. 
 

No one and nothing can prevent zero day attacks except maybe air gap. (So live in a hole)  Or possibly security through obscurity, which is not something I would call reliable. So dealing with the internet at all means that level of risk.  It’s the same level for pretty much everything though and as such can be discounted as it’s not something that can functionally be avoided.  It’s a different kind of problem anyway.   Is it one to worry about? Sure

 

Air gap is simply not a viable option though.  You seem to be arguing against fighting the stuff at all as you seem to feel it is hopeless. Perhaps I merely choose to rage against the dying of the light.

I just suggested you not to use Windows 7 (and above all not to connect it to the internet) because it no longer receives security updates. You are free to do as you wish.

Link to comment
Share on other sites

Link to post
Share on other sites

19 hours ago, Bombastinator said:

The whole purpose for this was to find a way to play video games without being datamined.

Play video games that don't datamine you. Don't install a game provider launcher like steam, Keep the games open source (not because it's secure, but because you can audit the code to find out if there's telemetry build it). Don't use discord (even in the browser window), instead use a client that can read the matrix protocol (not Element-Desktop though, use a client like nHeko or Fractal).

To make sure your not being spied upon always have a tool open watching all your outbound in inbound connections (I prefer iftop on the local machines, but pfsense can do that at the network firewall level). Audit system logs in /var/log and /home/$USER/.var/log

 

16 hours ago, Bombastinator said:

Yes.  This is known.  It is the WHY of this thing. The whole idea is to NOT use 10 or 11 at all because they have what is effectively malware baked into them.

MS Windows 7 has had all the same telemetry malware Windows 10 and 11 have built into them since service pack 1. If that's what concerns you, then just don't use Windows. Or just never connect MS Windows to the internet (even during installation).

Link to comment
Share on other sites

Link to post
Share on other sites

Posted (edited)
4 hours ago, FUIT1985 said:

I just suggested you not to use Windows 7 (and above all not to connect it to the internet) because it no longer receives security updates. You are free to do as you wish.

I agree with this.  It would have to be some sort of situation where there would be something between it and the internet. It would request a packet and a different system would go out and get it, look at it, decide if it was safe to hand off to the vm or not and then either do so, or not do so and hand over either nothing, or a dummy packet, depending on how things needed to be set up. A sort of super firewall with port forwarding.  The windows client would never actually connect to the raw internet though it might think it did.  It would be a difficult thing to make and quite slow if such a thing was even possible, hence my question about distros.  Seems it may not be though and may have really fundamental flaws such that it could not even be attempted because things don’t work that way.

Edited by Bombastinator

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, Bombastinator said:

I agree with this.  It would have to be some sort of situation where there would be something between it and the internet. It would request a packet and a different system would go out and get it, look at it, decide if it was safe to hand off to the vm or not and then either do so, or not do so and hand over either nothing, or a dummy packet, depending on how things needed to be set up. A sort of super firewall with port forwarding.  The windows client would never actually connect to the raw internet though it might think it did.  It would be a difficult thing to make and quite slow if such a thing was even possible, hence my question about distros.  Seems it may not be though and may have really fundamental flaws such that it could not even be attempted because things don’t work that way.

There is actually a difference between spying and tracking. Windows does not spy, but it does implement tracking. This is not a malware or a spyware but only tracking. Linux distributions can also track you (e.g. the popcon package). There are guides for setting up privacy in Windows, but when you run a third-party program, it can still track you. In fact, even opensource does not guarantee you not to be tracked (for example Audacity has been criticized - https://www.bbc.com/news/technology-57721967) . This doesn't mean that you shouldn't use the internet.
 

https://youtu.be/ZltM5thhAFU
 

On the other hand, with regard to the control of incoming or outgoing packets, if a Linux distribution or Windows is infected, a true hot analysis is not possible.
 

Quote

Hot Analysis <<It is quite possible for a subverted ps command to hide some processes, or for a subverted ls to hide files; sometimes even the kernel is compromised>> The Debian Administrator’s Handbook page 441

 

Link to comment
Share on other sites

Link to post
Share on other sites

I fail to see the difference when the tracking information is then sold.  If they were just using it to do research for their own future products that would be one thing.  Afaik that is what apple does.  It’s once removed, but it’s still using secrets about you to abuse you to make money.  It’s just that someone else is doing it.  If apple is selling the data to 3rd parties that is effectively spyware too.  It’s so profitable whole corporations are built on it.  Its why I won’t use Facebook or google products

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

Tracking is not good, but it also exists with Linux or opensource in general. I'm sorry. I found an old article on Windows 7 tracking. So using a version of Windows or Linux that doesn't get security updates isn't convenient for you.

 
 
I hope I have resolved your doubts.
Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, FUIT1985 said:

Tracking is not good, but it also exists with Linux or opensource in general. I'm sorry. I found an old article on Windows 7 tracking. So using a version of Windows or Linux that doesn't get security updates isn't convenient for you.

 
 
I hope I have resolved your doubts.

It’s not so much tracking, it’s tracking and selling the data acquired.  Tracking itself isn’t a big deal.  It’s the two put together. Raising your fist in the air isn’t a crime until you bring it into someone’s face. By splitting the collecting and abusing of data, it’s sort of the equivalent of the “stop hitting yourself” thing where you beat someone with their own limbs.

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, Bombastinator said:

I fail to see the difference when the tracking information is then sold.  If they were just using it to do research for their own future products that would be one thing.  Afaik that is what apple does.  It’s once removed, but it’s still using secrets about you to abuse you to make money.  It’s just that someone else is doing it.  If apple is selling the data to 3rd parties that is effectively spyware too.  It’s so profitable whole corporations are built on it.  Its why I won’t use Facebook or google products

If you truly value privacy, you should not connect to the internet at all. 

Sudo make me a sandwich 

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×